Vulnerabilities > Cmsmadesimple > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-43360 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
network
low complexity
cmsmadesimple CWE-79
5.4
2023-10-23 CVE-2023-43358 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
network
low complexity
cmsmadesimple CWE-79
5.4
2023-10-20 CVE-2023-43353 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
network
low complexity
cmsmadesimple CWE-79
5.4
2023-10-20 CVE-2023-43354 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.
network
low complexity
cmsmadesimple CWE-79
5.4
2023-10-20 CVE-2023-43355 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.
network
low complexity
cmsmadesimple CWE-79
5.4
2023-10-20 CVE-2023-43356 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.
network
low complexity
cmsmadesimple CWE-79
5.4
2023-10-20 CVE-2023-43357 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.
network
low complexity
cmsmadesimple CWE-79
5.4
2023-10-19 CVE-2023-43359 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.
network
low complexity
cmsmadesimple CWE-79
5.4
2023-09-28 CVE-2023-43872 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
network
low complexity
cmsmadesimple CWE-79
5.4
2023-09-25 CVE-2023-43339 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.
network
low complexity
cmsmadesimple CWE-79
6.1